Cybersecurity Engineer

Cybersecurity Engineer

BAM is a dynamic, multi-disciplinary firm with leading-edge skills in information technology, software development and applied research. Serving government and commercial markets, BAM is committed to its customers and to delivering strong leadership, sound solutions, and innovative thinking.

The Cybersecurity Engineer is responsible for implementing and maintaining automated security tools, running security scans, and providing evidence of STIG compliance. This role involves collaborating with development, operations, and compliance teams to integrate security best practices into applications and infrastructure. The Cybersecurity Engineer will also develop security documentation, deliver security awareness training, and evaluate new security technologies to enhance the team's security posture. Additionally, they will monitor security alerts and respond to incidents in coordination with the compliance team.

Requirements:

• Build and maintain an automated security tool suite that captures security findings in a transparent and discoverable fashion.
• Ensure that all required security scans (SAST, DAST, SCA, etc.) are discoverable by all team members.
• Work with team to ensure applicable STIGs are properly implemented in the target applications. Provide evidence of STIG compliance to Cybersecurity Analyst.
• Work with development and operations teams to integrate security into applications and infrastructure.
• Provide technical guidance and training on security best practices. Promote a culture of security within the team.
• Evaluate new security tools, trends, and technologies to enhance the organization's security posture.
• Recommend upgrades or changes to existing security systems.
• Use the tools established by the organization to monitor the security posture of the project's applications and infrastructure.
• Collaborate with development teams to respond to and resolve security alerts.
• Collaborate with compliance teams to ensure adherence to legal and regulatory requirements.
• Coordinate with Cybersecurity Analyst to maintain required security documentation.
• Create reports on security performance, incidents, and improvements.
• Maintain records of security testing and compliance audits.

To excel in this role, candidates should possess the following:
Qualifications:

• Bachelor’s degree in computer science/Cybersecurity or relevant field
• 3+ years of experience in a security field
• Proficiency in cloud and container security with a strong understanding of foundational web application security concepts such as OWASP Top 10
• Experience with DISA STIGs, NIST 800-53, and RMF
• Familiarity with securing CI/CD pipelines and DevSecOps software factories
• CompTIA Security+

Skills:

• Threat modeling
• Web application penetration testing (SAST, DAST, SCA, etc.)
• Authoring and maintaining scripts to enable testing and automation
• Vulnerability management and analysis

Preferred Skills (not mandatory but a plus):

• Amazon Web Services (AWS)
• GitHub
• Familiarity with Agile development (Scrum/Large-Scale Scrum)
• Experience with a SIEM to monitor application and infrastructure security
• Experience with Linux

This is a remote position